Lucene search
K

349 matches found

NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00371EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2026-0806 WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.24 views

CVE-2026-0806

The WP-ClanWars WordPress plugin (

4.9CVSS5.9AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.37 views

CVE-2026-0806 WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00371EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 5:38 a.m.11 views

WordPress WP-ClanWars plugin <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'orderby' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP-ClanWars versions = 2.0.1...

4.9CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:38 a.m.6 views

CVE-2017-12949

lib\modules\contributors\contributorlisttable.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF...

8.8CVSS9AI score0.01109EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.4 views

CVE-2025-13652

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6.5AI score0.01077EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/06 7:51 a.m.6 views

WordPress CBX Bookmark & Favorite plugin <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via orderby Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin CBX Bookmark & Favorite versions = 2.0.4...

6.5CVSS8AI score0.01077EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/06 4:15 a.m.6 views

CVE-2025-13652

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.01077EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/06 3:21 a.m.35 views

CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.01077EPSS
Exploits0References2
CVE
CVE
added 2026/01/06 3:21 a.m.25 views

CVE-2025-13652

The CVE-2025-13652 entry concerns CBX Bookmark & Favorite (WordPress) with a SQL Injection vulnerability via the orderby parameter in all versions up to 2.0.4. The issue arises from insufficient escaping and lack of proper SQL query preparation, enabling authenticated attackers with Subscriber+ p...

6.5CVSS6.2AI score0.01077EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/06 3:21 a.m.3 views

CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6.2AI score0.01077EPSS
Exploits0References2
OSV
OSV
added 2025/12/22 1:16 a.m.5 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS5.7AI score0.00302EPSS
Exploits1References4
NVD
NVD
added 2025/12/22 1:16 a.m.5 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS0.00302EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/22 12:2 a.m.3 views

CVE-2025-15004 DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.8AI score0.00302EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.8 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS8.8AI score0.00839EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.5 views

EUVD-2025-38273

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS8.2AI score0.00839EPSS
Exploits1References3
NVD
NVD
added 2025/11/07 4:15 p.m.6 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS0.00839EPSS
Exploits1References3
OSV
OSV
added 2025/11/07 3:15 p.m.5 views

CVE-2025-12860

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.2CVSS5.7AI score0.00296EPSS
Exploits0References4
Rows per page
Query Builder